You have bigger problems. You are using dangerous obsolete code that has been completely removed from Php. You need to use PDO with Prepared Statements.
Your code will not even work at all in current Php versions. Your Php version has already reached end of life and is no longer supported. Time to upgrade your Php and your code.
Security is never āoff taskā.
It is if the original problem isnāt solvedā¦
Security is an original problem. Ignoring it is not a solution.
Itās not āworkingā if you do not even consider the slightest security topics.
Oh crap, happy birthday when your security faults lead to serious legal risks.
Oh iām sure, if all of your code looks that messy, it will break every page.
Why need a backup when everybody else has your data? You may find some auctions on ebay soon. Or, who needs backps anyways if your data will be deleted on a regular basis. No data - no legal issues from exposed user information.
Thinking security is just some minor āupdateā to a software is just naiv from the point of any experienced developer. Just read up SQL-Injection.
Thank you for picking out the pieces you want to squabble over instead of helping chorn. I have already stated Iāll be looking into it but your argument is extremely moot at this point. Iām not super worried about auctions occurring on ebay when they happen daily already. The entire point myself and Mr. Maxwell are trying to reach to you is that security IS AN ISSUE but it doesnāt matter RIGHT NOW. The program isnāt live. Itās not live for months still to go! But to do anything - pieces have to operate! Then we can worry about updates. This is a singular function in thousands of pages Iām not super worried. Thank you for the heads up on SQL-Injection Iāll give it a look definitely. 
Please, have something useful to the situation to say or grovel on another post please and thank you 
Your extreme ignorance is showing. What I posted is the most valuable post in this thread.
The OP is running DANGEROUS code. It is a danger to the users of the application and the security of their personal information. It is a DANGER to everyone else on the server. It is a DANGER to the entire network the server is on. It is a DANGER to the entire Internet. Just search the internet for the countless storyās of data breaches. They happen for exactly reasons like this, out of date servers and software or the āprogrammerā didnt know what he was doing or he said āI guess I may care in the future for sureā and never did.
Nobody should rightfully help to get this āworkingā. The code should IMMEDIATELY be removed from the internet until it is secured and the server should IMMEDIATELY be upgraded.
What the op is really saying here is āI have a few thousand pages of attack vectors just waiting to be exploited.ā That is just completely unacceptable. For well over TEN YEARS the PHP manual had/has a BIG RED warning about this code. There is no excuse whatsoever for ANYONE to keep running it.
OP, this is what you need to do.
Donāt waste your time beating a dead horse. Your code cannot be āfixedā. It MUST be re-written to current coding standards.
You are SO off base!
It is offline. The entire thing. This isnāt a public function. It is a private program ran on a private machine via paid employees of a private corporation. Everything about it is offline and physically secure to the individual - which there are 2. Myself and the CEO. Which again - makes the argument irrelevant at the moment. Thank you for the concern. It will be addressed. Just not right now.
The security aside, the code you are using will straight up not work in current PHP whatsoever no matter what you do, therefore you are just wasting your time. You will be FORCED to run an obsolete server and software for it to do anything.
I would be surprised if your CEO would have you continue on your current path if he knew the entire time and effort you are exerting will have to be completely re-done again.
Do you have any idea how many data breaches came from paid employees of private corporations? That is probably one of the top 5 sources of computer crimes.
Trust me, NOBODY needs physical access to your server to compromise it.
Your just deceiving yourself.
OK, thank you If you know ranking please provide that information as Iām currently trying to get the mentioned function to show my data in order. Thanks for the help on ranking 
Post an SQL dump of your DB or PM it to me.
talking about major security issues is not helping? ĀÆ_(ć)_/ĀÆ LOL, gl hf
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.